Job Description
Sempra: Where opportunity powers impact
At Sempra, we tackle the biggest energy challenges that face our industry. Our high-performing team leverages the full capabilities of our organization to serve 40 million consumers across North America. By collaborating and challenging one another across multiple disciplines, we inspire our best work, ideas and innovation. From increasing liquified natural gas (LNG) capacities to reducing carbon emissions to helping people prepare for the realities of climate change, we are committed to building a better energy future for all.
Primary Purpose
The primary responsibility of the Cybersecurity Governance Manager is to enhance and lead the Corporate Cybersecurity IT Governance Program in collaboration with the IT and Cybersecurity teams at Sempra Companies. This role demands strong leadership and project management skills, along with the expertise to conduct comprehensive system-wide security analyses, evaluate the effectiveness of controls, assess risks, and develop policies, standards, and guidelines.
Duties and Responsibilities
- Corporate policies and standards: Develops enterprise cybersecurity policies and standards. Aligns policies to National Institute of Standards and Technology (NIST) and other regulatory frameworks. Communicates updates and maintains the roadmap for future policy requirements. Liaises with business units to communicate, educate, and clarify any policy questions.
- Metrics and reporting: Creates and maintains metrics and reports for the Corporate Cyber Council and Board. Establishes processes for consistent, accurate, and repeatable reporting.
- GRC Operating Model: Implements and maintains the General Rate Case (GRC) tool and processes to support tracking and monitoring of risks, issues, and risk exceptions for Sempra Companies.
- Team Management: Provides leadership to a team made up of employees and third parties. Provides direction, motivation, and strategic oversight. Owns all aspects of employee management for a large team, directing work and providing guidance. Responsible for all aspects of performance management, training, and development. May supervise team leads.
- Management self-assessment program: Performs and/or engages a third party to perform assessments of any process with cybersecurity risk to evaluate the risks and adequacy of controls. Establishes meaningful recommendations considering risk and impact to business processes where gaps are identified.
- Approves contracts and services with 3rd party vendors.
- Performs other duties as assigned.
Qualifications
Education
- Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, Software Engineering, Business Administration, related field, or equivalent experience is required.
Experience
- 8 years of Relevant Experience: A strong background in cybersecurity governance, IT Risk Management, or a related field is required.
- 6 years of Leadership: Proven experience in supervisory and leadership roles is required.
- 6 years of Reporting and Metrics: Expertise in creating reports and metrics for senior business executives and/or the Board is required.
- 6 years of GRC Tooling: Hands-on experience with GRC (Governance, Risk and Compliance) tool-sets, especially ServiceNow GRC/IRM, is required.
- 6 years of Project Management: Demonstrated ability to manage projects in a fast-paced, collaborative environment, track progress, manage key deliverables, and report to executives is required.
- 2 years of Industry Experience: Experience in the energy sector or with a utility is preferred.
- Must reside in Southern California or be willing to relocate upon hire.
- We offer a hybrid work environment. Although the schedule may vary, typically this will allow you to work from the office three days per week and work remotely on the remaining workdays.
Skills and Abilities
- Stakeholder Management: Advanced ability to create and maintain strong relationships with stakeholders to drive outcomes and align around a vision or course of action is required.
- Team / Initiative Management: Advanced demonstrated ability to operate and innovate within a small team in a fast-paced environment, balancing strategic and tactical needs. Flexibility to adapt to changing assignments and effectively prioritize. Highly self-motivated, goal-oriented, and self-directed is required.
- Communication: Advanced ability to communicate technical ideas and strategies effectively to non-technical audiences, including executive leadership, through various mediums (e.g., written communications, verbal communications, presentations). Strong analytical skills and the ability to organize work logically, thoroughly, and succinctly. Effective written and verbal English communication at all levels, providing compliance guidance to project teams, management, and business partners is required.
- Cybersecurity & Technology Trends: Advanced understanding of emerging trends in the cybersecurity and technology landscape, including new technologies, processes, and ways of working. Ability to determine the impact of technological advancements on the company's systems, applications, infrastructure, and practices. Strong understanding of risk management principles, regulatory requirements, and industry best practices. Good understanding of General IT Controls and Data Privacy Regulations is required.
- Vendor / Contract Management: Advanced ability to build effective relationships and manage the execution of projects delivered by third-party providers, suppliers, and partners is required.
- Financial Acumen: Advanced financial acumen, including the ability to accurately report spending in the IT function and an understanding of both CapEx and OpEx budgets is required.
- Business Functional Knowledge: Advanced knowledge and understanding of the business context, market, and operational functions of the operating company and the wider utilities industry. Good understanding of IT systems and controls, including web systems, e-commerce, data centers, network infrastructure, patching, access controls, databases, CRM, and cloud systems is preferred.
Licenses and Certifications
Certified Information Systems Security Professional (CISSP) is preferred.
Sempra
101 Ash St
San Diego
California United States
www.sempra.com